<?php

	// save at bat details
	session_start();
	
	// check for login
	if(!isset($_SESSION['atbat']) && !isset($_COOKIE['remember_atbat'])) {

		// no login, move to index page
		header("Location: http://localhost/atbat/html/");

	}

	// connect to db
	require_once '../db/db.php';
	
	// get user id
	$sql = "SELECT user_id FROM users WHERE MD5(username) IN ('";
	$sql .= ((isset($_SESSION['atbat'])) ? $_SESSION['atbat'] : '') . "', '";
	$sql .= ((isset($_COOKIE['remember_atbat'])) ? $_COOKIE['remember_atbat'] : '') . "')";

	$id = $db->query($sql)->fetchAll();
	$user_id = $id[0]['user_id'];
	
	$error = false;
	// check for incoming data, this will always be ajax
	if(isset($_POST['saveAB']) && $_POST['saveAB'] != '') {
		
		// validate and sanitize
		 
		// game id
		if(isset($_POST['g_id']) && $_POST['g_id'] != '') {
			
			if(filter_var($_POST['g_id'], FILTER_VALIDATE_INT)) {
				
				$g_id = filter_var($_POST['g_id'], FILTER_SANITIZE_NUMBER_INT);	
				
			}else{
				
				$message[] = '<p class="error">Game ID is invalid.</p>';
				$error = true;
				
			}
			
		}else{
			
			$message[] = '<p class="error">Invalid game id.</p>';
			$error = true;
			
		}
		
		// player id
		if(isset($_POST['p_id']) && $_POST['p_id'] != '') {
			
			if(filter_var($_POST['p_id'], FILTER_VALIDATE_INT)) {
				
				$p_id = filter_var($_POST['p_id'], FILTER_SANITIZE_NUMBER_INT);	
				
			}else{
				
				$message[] = '<p class="error">Player ID is invalid.</p>';
				$error = true;
				
			}
			
		}else{
			
			$message[] = '<p class="error">Invalid player id.</p>';
			$error = true;
			
		}
		
		// ab id
		if(isset($_POST['ab_id']) && $_POST['ab_id'] != '') {
			
			if(filter_var($_POST['ab_id'], FILTER_VALIDATE_INT)) {
				
				$ab_id = filter_var($_POST['ab_id'], FILTER_SANITIZE_NUMBER_INT);	
				
			}else{
				
				$message[] = '<p class="error">Invalid AB ID.</p>';
				$error = true;
				
			}
			
		}else{
			
			$message[] = '<p class="error">Missing AB ID.</p>';
			$error = true;
			
		}
		
		// balls
		if(isset($_POST['balls']) && $_POST['balls'] != '') {
			
			if(is_numeric($_POST['balls'])) {
				
				$balls = filter_var($_POST['balls'], FILTER_SANITIZE_NUMBER_INT);	
				
			}else{
				
				$message[] = '<p class="error">Balls must be a number.</p>';
				$error = true;
				
			}
			
		}else{
			
			$message[] = '<p class="error">Please give the balls count.</p>';
			$error = true;
			
		}
		
		// strikes
		if(isset($_POST['strikes']) && $_POST['strikes'] != '') {
			
			if(is_numeric($_POST['strikes'])) {
				
				$strikes = filter_var($_POST['strikes'], FILTER_SANITIZE_NUMBER_INT);	
				
			}else{
				
				$message[] = '<p class="error">Strikes must be a number.</p>';
				$error = true;
				
			}
			
		}else{
			
			$message[] = '<p class="error">Please give the strikes count.</p>';
			$error = true;
			
		}
		
		// play
		if(isset($_POST['play']) && $_POST['play'] != '') {
			// TODO: create a custom callback function to handle only acceptable plays
			$play = filter_var($_POST['play'], FILTER_SANITIZE_STRING);	
			
		}else{
			
			$message[] = '<p class="error">Please enter the play.</p>';
			$error = true;
			
		}
		
		// rbi
		if(isset($_POST['rbi']) && $_POST['rbi'] != '') {
			
			if(is_numeric($_POST['rbi'])) {
				
				$rbi = filter_var($_POST['rbi'], FILTER_SANITIZE_NUMBER_INT);	
				
			}else{
				
				$message[] = '<p class="error">RBI must be a number.</p>';
				$error = true;
				
			}
			
		}else{
			
			$message[] = '<p class="error">Please give the rbi count.</p>';
			$error = true;
			
		}
		
		// save data to db
		if($error == false) {
			
			$sql = "INSERT INTO atbats (ab_id, game_id, player_id, balls, strikes, rbi, play) VALUES (" . $ab_id . ", " . $g_id . ", " . $p_id . ", " . $balls . ", " . $strikes . ", " . $rbi . ", '" . $play . "')";
			
			try { 
			
				$db->exec($sql);
				
				$message[] = '<p class="success">Saved At Bat.</p>';
				
			} catch(PDOException $e) {
				
				$message[] = '<p class="error">Failed to save at bat.</p>';
				
			}
			
		}
		
		if(isset($message)) foreach($message as $m) print $m;
		
	}else{
		
		$message[] = '<p class="error">Invalid save request.</p>';
		$error = true;
		
	}

?>